package netssl;

import javax.net.ssl.X509KeyManager;
import java.net.Socket;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class J_SSLKeyManager implements X509KeyManager {
    protected String m_alias;//密钥项的别名
    protected KeyStore m_keystore;//密钥库
    protected char[] m_storepass;//密钥库的密码
    protected char[] m_keypass;//密钥项的密码
    private String m_type;//m_alias密钥项的公钥的加密算法类型名称
    private String m_issuer;//m_alias密钥项的证书发照者

    public J_SSLKeyManager(KeyStore ks, String s, char[] storepass, char[] keypass) {
        m_keystore = ks;
        m_alias = s;
        m_storepass = storepass;
        m_keypass = keypass;

        try {
            Certificate c = ks.getCertificate(s);
            m_type = c.getPublicKey().getAlgorithm();
            m_issuer = ((X509Certificate) c).getIssuerX500Principal().getName();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
    }

    //
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket s) {
        if (keyType == null) {
            return null;
        }
        int i;
        for (i = 0; i < keyType.length; i++) {
            if (m_type.equals(keyType[i])) {
                i = -1;
                break;
            }
        }
        if (i == -1) {
            return null;

        }
        if (issuers == null) {
            return m_alias;
        }
        for (i = 0; i < issuers.length; i++) {
            if (m_issuer.equals(issuers[i].getName())) {
                return m_alias;
            }
        }
        return null;
    }

    public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) {
        String[] ks = {keyType};
        return (chooseClientAlias(ks, issuers, s));
    }

    public X509Certificate[] getCertificateChain(String alias) {
        try {
            Certificate[] c = m_keystore.getCertificateChain(alias);
            if (c == null || c.length == 0) {
                return null;
            }
            X509Certificate[] xc = new X509Certificate[c.length];
            System.arraycopy(c, 0, xc, 0, c.length);
            return xc;
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
        return null;
    }

    public String[] getClientAliases(String keyType, Principal[] issuers) {
        String[] s;
        String alias = chooseServerAlias(keyType, issuers, null);
        if (alias == null) {
            return null;
        } else {
            s = new String[1];
            s[0] = alias;
        }
        return s;
    }

    public PrivateKey getPrivateKey(String alias) {
        PrivateKey privateKey = null;
        try {
            privateKey = (PrivateKey) m_keystore.getKey(alias, m_keypass);
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        }
        return privateKey;
    }

    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return (getClientAliases(keyType, issuers));
    }
}
